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IN THE CLAIMS: 

This listing of claims will replace all prior versions, and listings, or claims in the application: 

1 . (Currently Amended) A method of controlling usage of network resources on a 
communications network, the method comprising acts of: (a) creating one or more packet rules 
for analyzing packets received at one or more devices of the communications network, each rule 
including a condition and action to be taken if a packet received at a device satisfies the 
condition; a»d (b) creating one or more service abstractions, each service abstraction 
representing a named set of one or more of the packet rules- r; and (c) associating one or more of 
the service abstractions with a user of the communications network . 

2. (Currently Amended) The method of claim 1, further comprising an act of: (ed) configuring a 
network device of the communications network with one or more packet rules according to at 
least one of the service abstractions. 

3. (Currently Amended) The method of claim 2, wherein the act (ed) comprises: configuring a 
port module of a switching device of the communications network with one or more packet rules 
according to at least one of the service abstractions. 

4. (Currently Amended) The method of claim 2, wherein the act (ed) comprises: configuring a 
firewall of a network device of the communications network with one or more packet rules 
according to at least one of the service abstractions. 

5. (Currently Amended) The method of claim 1, further comprising an act of: (ed) distributing 
the one or more service abstractions to one or more network devices residing on the 
communications network. 

6. (Cancelled) 

7. (Currently Amended) The method of claim 1, further comprising an act of: (ed) creating one 
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or more role abstractions, each role abstraction representing a role of a user with respect to the 
communications network, and each role abstraction including a set of one or more service 
abstractions. 

8. (Currently Amended) The method of claim 7, further comprising an act of: (de) configuring a 
network device of the communications network with one or more packet rules according to one 
of the role abstractions. 

9. (Currently Amended) The method of claim 8, wherein act (de) comprises: configuring a port 
module of a switching device of the communications network with one or more packet rules 
according to one of the role abstractions. 

10. (Currently- Amended) The method of claim 8, wherein act (de) comprises: configuring a 
firewall of a network device of the communications network with one or more packet rules 
according to one of the role abstractions. 

1 1 . (Currently Amended) The method of claim 7, further comprising an act of: (de) distributing 
the one or more role abstractions to one or more network devices residing on the 
communications network. 

12. (Currently Amended) The method of claim 7, further comprising an act of: (de) assigning 
one of the role abstractions to at least a first user of the communications network. 

13. (Currently Amended) A system for controlling usage of network resources on a 
communications network, the system comprising: a rule editing module to create one or more 
packet rules for analyzing packets received at one or more devices of the communications 
network, each rule including a condition and action to be taken if a packet received at a device 
satisfies the condition; and a service editing module to create one or more service abstractions 
associated with a user of the communications network, each service abstraction representing a 
named set of one or more of the packet rules. 

14. (Original) The system of claim 13, further comprising: logic to configure a network device 



4 



Application No.: 10/071,228 



Docket No.: ENB-012/E00378/70181 



with one or more packet rules according to at least one of the service abstractions. 

15. (Original) The system of claim 14, wherein the logic comprises: port configuration logic to 
configure a port module of a switching device with one or more packet rules according to at least 
one of the service abstractions. 

16. (Original) The system of claim 14, wherein the logic comprises: firewall logic to configure a 
firewall of a network device with one or more packet rules according to at least one of the 
service abstractions. 

17. (Original) The system of claim 13, further comprising: a distribution module to distribute the 
one or more service abstractions to one or more network devices residing on the communications 
network. 

18. (Cancelled) 

19. (Currently Amended) The system of claim 13, further comprising: a role editing module to 
create one or more role abstractions, each role abstraction representing a role of a user with 
respect to the communications network, and each role abstraction including a set of one or more 
service abstractions. 

20. (Original) The system of claim 19, further comprising: logic to configure a network device 
with one or more packet rules according to one of the role abstractions. 

21. (Original) The system of claim 20, wherein the logic comprises: port configuration logic to 
configure a port module of a switching device with one or more packet rules according to one of 
the role abstractions. 

22. (Original) The system of claim 20, wherein the logic comprises: firewall logic to configure a 
firewall of a network device with one or more packet rules according to one of the role 
abstractions. 
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23. (Original) The system of claim 19, further comprising: a distribution module to distribute the 
one or more role abstractions to one or more network devices residing on the communications 
network. 

24. (Original) The system of claim 19, further comprising: assigning logic to assign one of the 
role abstractions to at least a first user of the communications network. 

25. (Currently Amended) A system for controlling usage of network resources on a 
communications network, the system comprising: a rule editing module to create one or more 
packet rules for analyzing packets received at one or more devices of the communications 
network, each rule including a condition and action to be taken if a packet received at a device 
satisfies the condition; and means for creating one or more service abstractions associated with a 
user of the communications network, each service abstraction representing a named set of one or 
more of the packet rules. 

26. (Currently Amended) A computer program product, comprising: a computer readable 
medium; and computer readable signals stored on the computer readable medium that define 
instructions that, as a result of being executed by a computer, instruct the computer to perform a 
process of controlling usage of network resources on a communications network, the process 
comprising acts of: (a) creating one or more packet rules for analyzing packets received at one or 
more devices of the communication network, each rule including a condition and action to be 
taken if a packet received at a device satisfies the condition; and (b) creating one or more service 
abstractions associated with a user of the communications network, each service abstraction 
representing a named set of one or more of the packet rules. 

27. (Currently Amended) A method of controlling usage of network resources on a 
communications network, the method comprising acts of: (a) creating one or more packet rules 
for analyzing packets received at one or more devices of the communication network, each rule 
including a condition and action to be taken if a packet received at a device satisfies the 
condition; and (b) creating one or more role abstractions, each role abstraction representing a 
role of a user with respect to the communications network, and each role abstraction including a 
set of one or more packet rules. 
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28. (Original) The method of claim 27, further comprising an act of: (c) configuring a network 
device of the communications network with one or more packet rules according to one of the 
role abstractions. 

29. (Original) The method of claim 28, wherein act (c) comprises: configuring a port module of 
a switching device of the communications network with one or more packet rules according to 
one of the role abstractions. 

30. (Original) The method of claim 28, wherein act (c) comprises: configuring a firewall of a 
network device of the communications network with one or more packet rules according to one 
of the role abstractions. 

31. (Original) The method of claim 27, further comprising an act of: (c) distributing the one or 
more role abstractions to one or more network devices residing on the communications network. 

32. (Original) The method of claim 27, further comprising an act of: (c) assigning one of the role 
abstractions to at least a first user of the communications network. 

33. (Currently Amended) A system for controlling usage of network resources on a 
communications network, the system comprising: a rule editing module to create one or more 
packet rules for analyzing packets received at one or more devices of the communications 
network, each rule including a condition and action to be taken if a packet received at a device 
satisfies the condition; and a role editing module to create one or more role abstractions, each 
role abstraction representing a role of a user with respect to the communications network, and 
each role abstraction including a set of one or more packet rules. 

34. (Original) The system of claim 33, further comprising: logic to configure a port module of a 
network device with one or more packet rules according to one of the role abstractions. 

35. (Original) The system of claim 34, wherein the logic comprises: port configuration logic to 
configure a port module of a switching device with one or more packet rules according to one of 
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the role abstractions. 

36. (Original) The system of claim 34, wherein the logic comprises: firewall logic to configure a 
firewall of a network device with one or more packet rules according to one of the role 
abstractions. 

37. (Original) The system of claim 33, further comprising: a distribution module to distribute the 
one or more role abstractions to one or more network devices residing on the communications 
network. 

38. (Original) The system of claim 33, further comprising: assigning logic to assign one of the 
role abstractions to at least a first user of the communications network. 

39. (Currently Amended) A system for controlling usage of network resources on a 
communications network, the system comprising: a rule editing module to create one or more 
packet rules for analyzing packets received at one or more devices of the communications 
network, each rule including a condition and action to be taken if a packet received at a device 
satisfies the condition; and means for creating one or more role abstractions, each role 
abstraction representing a role of a user with respect to the communications network, and each 
role abstraction including a set of one or more G e rvico abstractions p acket rules . 

40. (Currently Amended) A computer program product, comprising: a computer readable 
medium; and computer readable signals stored on the computer readable medium that define 
instructions that, as a result of being executed by a computer, instruct the computer to perform a 
process of controlling usage of network resources on a communications network, the process 
comprising acts of: (a) creating one or more packet rules for analyzing packets received at one or 
more devices of the communications network, each rule including a condition and action to be 
taken if a packet received at a device satisfies the condition; and (b) creating one or more role 
abstractions, each role abstraction representing a role of a user with respect to the 
communications network, and each role abstraction including a set of one or more sorvico 
abstraotionG p acket rules . 
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